v0.9.0: no-MAC device tracking, IP-change dashboard, extended search

This commit is contained in:
2026-07-02 20:37:57 +02:00
parent 9fa20af87a
commit 85118c5bcc
23 changed files with 1703 additions and 48 deletions
+348
View File
@@ -0,0 +1,348 @@
<?php
namespace App\Console\Commands;
use App\Models\NetworkDevice;
use App\Models\NetworkDeviceEvent;
use App\Models\NetworkHost;
use App\Models\NetworkScan;
use App\Models\NetworkSegment;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Log;
class NetworkScanCommand extends Command
{
protected $signature = 'network:scan
{segment? : ID des zu scannenden Segments (leer = alle fälligen)}
{--force : Scan erzwingen, auch wenn Intervall noch nicht abgelaufen}';
protected $description = 'Führt einen nmap-Scan für ein oder alle aktiven Netzwerk-Segmente durch';
public function handle(): int
{
$segmentId = $this->argument('segment');
$force = $this->option('force');
if ($segmentId) {
$segments = NetworkSegment::where('id', $segmentId)->where('active', true)->get();
if ($segments->isEmpty()) {
$this->error("Segment #{$segmentId} nicht gefunden oder inaktiv.");
return Command::FAILURE;
}
} else {
$segments = NetworkSegment::where('active', true)->get()
->filter(fn($s) => $force || $s->isScanDue());
}
if ($segments->isEmpty()) {
$this->info('Kein Segment fällig. Mit --force erzwingen.');
return Command::SUCCESS;
}
foreach ($segments as $segment) {
$this->info("Scanne Segment: {$segment->name} ({$segment->subnet}) ...");
$this->scanSegment($segment);
}
return Command::SUCCESS;
}
private function scanSegment(NetworkSegment $segment): void
{
// Subnetz aus "192.168.86.0/24" extrahieren, oder direkt als Range nutzen
$target = $segment->subnet;
$options = $segment->nmap_options ?: '-sn';
// nmap im XML-Modus ausführen
$cmd = "nmap {$options} -oX - " . escapeshellarg($target) . " 2>/dev/null";
$xmlOutput = shell_exec($cmd);
if (empty($xmlOutput)) {
$this->warn(" nmap lieferte keine Ausgabe. Ist nmap installiert? (sudo pacman -S nmap)");
Log::warning("NetworkScan: nmap gab keine Ausgabe für Segment {$segment->id}");
return;
}
$hosts = $this->parseNmapXml($xmlOutput);
$this->info(" {$hosts['online']} online von " . count($hosts['rows']) . " gefunden.");
DB::transaction(function () use ($segment, $hosts, $target) {
$scan = NetworkScan::create([
'segment_id' => $segment->id,
'subnet' => $target,
'source' => 'auto',
'scanner' => 'nmap',
'total_hosts' => count($hosts['rows']),
'online_hosts' => $hosts['online'],
'new_devices' => 0,
'changed_devices' => 0,
'created_by' => null,
]);
$newDevices = 0;
$changedDevices = 0;
foreach ($hosts['rows'] as $row) {
$hostRecord = NetworkHost::create([
'scan_id' => $scan->id,
'ip_address' => $row['ip'],
'mac_address' => $row['mac'] ?: null,
'hostname' => $row['hostname'] ?: null,
'mac_vendor' => $row['vendor'] ?: null,
'status' => $row['status'],
'ping_ms' => null,
'ttl' => null,
]);
if (!empty($row['mac'])) {
[$newDevices, $changedDevices] = $this->processDevice(
$hostRecord, $row, $scan->id, $newDevices, $changedDevices
);
} elseif ($row['status'] === 'online') {
// Kein MAC (Remote-Subnet / kein Root-ARP) → Tracking per Hostname/IP
[$newDevices, $changedDevices] = $this->processDeviceWithoutMac(
$hostRecord, $row, $scan->id, $newDevices, $changedDevices
);
}
}
$scan->update([
'new_devices' => $newDevices,
'changed_devices' => $changedDevices,
]);
});
$segment->update(['last_scanned_at' => now()]);
$this->info(" ✓ Scan gespeichert.");
}
private function parseNmapXml(string $xml): array
{
$rows = [];
$online = 0;
try {
$doc = new \SimpleXMLElement($xml);
} catch (\Exception $e) {
Log::error('NetworkScan: nmap XML parse error: ' . $e->getMessage());
return ['rows' => [], 'online' => 0];
}
foreach ($doc->host as $host) {
$status = (string) $host->status['state']; // up | down
$ip = '';
$mac = '';
$vendor = '';
foreach ($host->address as $addr) {
$type = (string) $addr['addrtype'];
if ($type === 'ipv4') {
$ip = (string) $addr['addr'];
} elseif ($type === 'mac') {
$mac = $this->normalizeMac((string) $addr['addr']);
$vendor = (string) $addr['vendor'];
}
}
$hostname = '';
foreach ($host->hostnames->hostname ?? [] as $hn) {
if ((string) $hn['type'] === 'PTR') {
$hostname = (string) $hn['name'];
break;
}
}
if ($status === 'up') {
$online++;
}
if ($ip) {
$rows[] = [
'ip' => $ip,
'mac' => $mac,
'vendor' => $vendor,
'hostname' => $hostname,
'status' => $status === 'up' ? 'online' : 'offline',
];
}
}
return ['rows' => $rows, 'online' => $online];
}
private function processDevice(
NetworkHost $hostRecord,
array $row,
int $scanId,
int $newDevices,
int $changedDevices
): array {
$device = NetworkDevice::firstOrNew(['mac_address' => $row['mac']]);
$isNew = !$device->exists;
if ($isNew) {
$device->fill([
'current_ip' => $row['ip'],
'hostname' => $row['hostname'] ?: null,
'mac_vendor' => $row['vendor'] ?: null,
'status' => $row['status'],
'first_seen_at' => now(),
'last_seen_at' => now(),
])->save();
NetworkDeviceEvent::create([
'device_id' => $device->id,
'scan_id' => $scanId,
'event_type' => 'new_device',
'new_value' => $row['ip'],
'description' => "Erstes Erscheinen: {$row['ip']}" . ($row['vendor'] ? " ({$row['vendor']})" : ''),
]);
$newDevices++;
} else {
$events = [];
if ($device->current_ip !== $row['ip']) {
$events[] = [
'event_type' => 'ip_changed',
'old_value' => $device->current_ip,
'new_value' => $row['ip'],
'description' => "IP geändert: {$device->current_ip}{$row['ip']}",
];
$changedDevices++;
}
if ($device->status !== $row['status']) {
$events[] = [
'event_type' => $row['status'] === 'online' ? 'came_online' : 'went_offline',
'old_value' => $device->status,
'new_value' => $row['status'],
'description' => $row['status'] === 'online'
? "Gerät wieder online ({$row['ip']})"
: "Gerät offline ({$device->current_ip})",
];
}
$device->update([
'current_ip' => $row['ip'],
'hostname' => $row['hostname'] ?: $device->hostname,
'status' => $row['status'],
'last_seen_at' => now(),
]);
foreach ($events as $event) {
NetworkDeviceEvent::create(array_merge($event, [
'device_id' => $device->id,
'scan_id' => $scanId,
]));
}
}
$hostRecord->update(['device_id' => $device->id]);
return [$newDevices, $changedDevices];
}
/**
* Geräte ohne MAC-Adresse tracken (z.B. Remote-Subnet wo kein ARP möglich ist).
* Primärschlüssel: Hostname (stabil per DNS). Fallback: IP-Adresse.
*/
private function processDeviceWithoutMac(
NetworkHost $hostRecord,
array $row,
int $scanId,
int $newDevices,
int $changedDevices
): array {
// Vorhandenes Gerät suchen: erst per Hostname, dann per IP
$device = null;
if (!empty($row['hostname'])) {
$device = NetworkDevice::whereNull('mac_address')
->where('hostname', $row['hostname'])
->first();
}
if (!$device) {
$device = NetworkDevice::whereNull('mac_address')
->where('current_ip', $row['ip'])
->first();
}
$isNew = !$device;
if ($isNew) {
$device = new NetworkDevice();
$device->fill([
'mac_address' => null,
'current_ip' => $row['ip'],
'hostname' => $row['hostname'] ?: null,
'mac_vendor' => null,
'status' => $row['status'],
'first_seen_at' => now(),
'last_seen_at' => now(),
])->save();
NetworkDeviceEvent::create([
'device_id' => $device->id,
'scan_id' => $scanId,
'event_type' => 'new_device',
'new_value' => $row['ip'],
'description' => 'Erstes Erscheinen (kein MAC): ' . $row['ip']
. ($row['hostname'] ? " ({$row['hostname']})" : ''),
]);
$newDevices++;
} else {
$events = [];
// IP-Wechsel: Hostname gleich, aber andere IP
if ($device->current_ip !== $row['ip']) {
$events[] = [
'event_type' => 'ip_changed',
'old_value' => $device->current_ip,
'new_value' => $row['ip'],
'description' => "IP geändert: {$device->current_ip}{$row['ip']}",
];
$changedDevices++;
}
if ($device->status !== $row['status']) {
$events[] = [
'event_type' => $row['status'] === 'online' ? 'came_online' : 'went_offline',
'old_value' => $device->status,
'new_value' => $row['status'],
'description' => $row['status'] === 'online'
? "Gerät wieder online ({$row['ip']})"
: "Gerät offline ({$device->current_ip})",
];
}
$device->update([
'current_ip' => $row['ip'],
'hostname' => $row['hostname'] ?: $device->hostname,
'status' => $row['status'],
'last_seen_at' => now(),
]);
foreach ($events as $event) {
NetworkDeviceEvent::create(array_merge($event, [
'device_id' => $device->id,
'scan_id' => $scanId,
]));
}
}
$hostRecord->update(['device_id' => $device->id]);
return [$newDevices, $changedDevices];
}
private function normalizeMac(string $mac): string
{
$clean = preg_replace('/[^a-fA-F0-9]/', '', $mac);
if (strlen($clean) !== 12) {
return '';
}
return strtoupper(implode(':', str_split($clean, 2)));
}
}
+121 -6
View File
@@ -4,26 +4,53 @@ namespace App\Http\Controllers;
use App\Models\NetworkDevice;
use App\Models\NetworkDeviceEvent;
use App\Models\NetworkHost;
use App\Models\NetworkScan;
use App\Models\NetworkSegment;
use App\Services\NetworkScanImporter;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Storage;
use Illuminate\View\View;
class NetworkController extends Controller
{
// --- Subnetz-Erkennung aus vorhandenen IP-Daten ---
public function detectSubnets(): JsonResponse
{
$subnets = DB::table('network_hosts')
->whereNotNull('ip_address')
->select(DB::raw("CONCAT(SUBSTRING_INDEX(ip_address, '.', 3), '.0/24') as subnet"))
->distinct()
->orderBy('subnet')
->pluck('subnet')
->toArray();
return response()->json($subnets);
}
// --- Dashboard ---
public function dashboard(): View
{
$segments = NetworkSegment::withCount('scans')->orderBy('name')->get();
$totalDevices = NetworkDevice::count();
$onlineDevices = NetworkDevice::where('status', 'online')->count();
$recentEvents = NetworkDeviceEvent::with('device')
// IP-Wechsel separat → prominenter Block oben
$ipChangeEvents = NetworkDeviceEvent::with('device')
->where('documented', false)
->where('event_type', 'ip_changed')
->latest()
->take(10)
->get();
// Alle anderen undokumentierten Ereignisse
$recentEvents = NetworkDeviceEvent::with('device')
->where('documented', false)
->where('event_type', '!=', 'ip_changed')
->latest()
->take(15)
->get();
// Letzten Scan pro Segment
@@ -33,31 +60,113 @@ class NetworkController extends Controller
->groupBy('segment_id');
return view('network.dashboard', compact(
'segments', 'totalDevices', 'onlineDevices', 'recentEvents', 'latestScans'
'segments', 'totalDevices', 'onlineDevices',
'recentEvents', 'ipChangeEvents', 'latestScans'
));
}
// --- Chronologischer IP-Verlauf ---
public function history(Request $request): View
{
$query = \App\Models\NetworkHost::query()
->join('network_scans', 'network_scans.id', '=', 'network_hosts.scan_id')
->leftJoin('network_segments', 'network_segments.id', '=', 'network_scans.segment_id')
->leftJoin('network_devices', 'network_devices.id', '=', 'network_hosts.device_id')
->select([
'network_hosts.*',
'network_scans.created_at as scan_time',
'network_scans.segment_id',
'network_scans.scanner',
'network_segments.name as segment_name',
'network_devices.label as device_label',
]);
if ($request->filled('ip')) {
$query->where('network_hosts.ip_address', 'like', '%' . $request->ip . '%');
}
if ($request->filled('mac')) {
$query->where('network_hosts.mac_address', 'like', '%' . $request->mac . '%');
}
if ($request->filled('hostname')) {
$query->where(function ($q) use ($request) {
$q->where('network_hosts.hostname', 'like', '%' . $request->hostname . '%')
->orWhere('network_devices.label', 'like', '%' . $request->hostname . '%');
});
}
if ($request->filled('segment')) {
$query->where('network_scans.segment_id', $request->segment);
}
if ($request->filled('status')) {
$query->where('network_hosts.status', $request->status);
}
if ($request->filled('from')) {
$query->where('network_scans.created_at', '>=', $request->from . ' 00:00:00');
}
if ($request->filled('to')) {
$query->where('network_scans.created_at', '<=', $request->to . ' 23:59:59');
}
$entries = $query->orderByDesc('network_scans.created_at')
->orderByRaw('INET_ATON(network_hosts.ip_address)')
->paginate(100)
->withQueryString();
$segments = \App\Models\NetworkSegment::orderBy('name')->get();
return view('network.history', compact('entries', 'segments'));
}
// --- Globale Suche ---
public function search(Request $request): View
{
$q = trim($request->get('q', ''));
$devices = collect();
$hostResults = collect();
if (strlen($q) >= 2) {
// Suche in network_devices (MAC-basiert / bereits getracked)
$devices = NetworkDevice::with('events')
->where(function ($query) use ($q) {
$query->where('current_ip', 'like', "%{$q}%")
$query->where('current_ip', 'like', "%{$q}%")
->orWhere('mac_address', 'like', "%{$q}%")
->orWhere('hostname', 'like', "%{$q}%")
->orWhere('netbios_name','like', "%{$q}%")
->orWhere('label', 'like', "%{$q}%")
->orWhere('mac_vendor', 'like', "%{$q}%");
})
->orderBy('current_ip')
->paginate(50)
->withQueryString();
// Zusätzlich: direkte Suche in network_hosts (auch ohne Device-Eintrag)
// Zeigt IPs/Hosts die in Scans gefunden wurden, aber noch kein Device-Record haben
$hostResults = NetworkHost::query()
->join('network_scans', 'network_scans.id', '=', 'network_hosts.scan_id')
->leftJoin('network_segments', 'network_segments.id', '=', 'network_scans.segment_id')
->whereNull('network_hosts.device_id')
->where(function ($query) use ($q) {
$query->where('network_hosts.ip_address', 'like', "%{$q}%")
->orWhere('network_hosts.mac_address', 'like', "%{$q}%")
->orWhere('network_hosts.hostname', 'like', "%{$q}%");
})
->select([
'network_hosts.ip_address',
'network_hosts.mac_address',
'network_hosts.hostname',
'network_hosts.mac_vendor',
'network_hosts.status',
'network_hosts.ping_ms',
'network_scans.created_at as scan_time',
'network_segments.name as segment_name',
DB::raw('network_scans.id as scan_id'),
])
->orderByDesc('network_scans.created_at')
->limit(50)
->get()
->unique('ip_address'); // Jede IP nur einmal (neuester Fund)
}
return view('network.search', compact('q', 'devices'));
return view('network.search', compact('q', 'devices', 'hostResults'));
}
// --- Alte index-Route umleiten ---
@@ -203,6 +312,12 @@ class NetworkController extends Controller
->orderByRaw("INET_ATON(ip_address)")
->get();
return view('network.scan', compact('scan', 'hosts'));
$notes = collect();
if ($scan->segment_id) {
$notes = \App\Models\NetworkIpNote::where('segment_id', $scan->segment_id)
->pluck('note', 'ip_address');
}
return view('network.scan', compact('scan', 'hosts', 'notes'));
}
}
@@ -2,9 +2,13 @@
namespace App\Http\Controllers;
use App\Models\NetworkIpNote;
use App\Models\NetworkSegment;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\DB;
use Illuminate\View\View;
class NetworkSegmentController extends Controller
@@ -80,4 +84,96 @@ class NetworkSegmentController extends Controller
return redirect()->route('network.segments.index')
->with('success', "Segment \"{$name}\" gelöscht.");
}
public function triggerScan(NetworkSegment $segment): RedirectResponse
{
if (!$segment->active) {
return back()->with('error', 'Segment ist inaktiv.');
}
// Scan im Hintergrund starten (non-blocking)
$projectPath = base_path();
$phpBinary = PHP_BINARY;
$cmd = "cd {$projectPath} && {$phpBinary} artisan network:scan {$segment->id} --force > /dev/null 2>&1 &";
exec($cmd);
return redirect()->route('network.segments.show', $segment)
->with('success', "Scan für \"{$segment->name}\" wurde gestartet. Ergebnisse erscheinen in Kürze.");
}
// --- IP-Notiz speichern (Upsert per Segment + IP) ---
public function saveIpNote(Request $request, NetworkSegment $segment): JsonResponse
{
$request->validate([
'ip_address' => ['required', 'ip'],
'note' => ['nullable', 'string', 'max:500'],
]);
NetworkIpNote::updateOrCreate(
['segment_id' => $segment->id, 'ip_address' => $request->ip_address],
[
'note' => $request->note,
'updated_by' => auth()->id(),
'created_by' => auth()->id(),
]
);
return response()->json(['ok' => true]);
}
// --- Export: Excel (OpenSpout kein ext-gd, PHP 8.5 kompatibel) ---
public function exportXlsx(NetworkSegment $segment)
{
$hosts = $this->getLatestScanHosts($segment);
$notes = NetworkIpNote::where('segment_id', $segment->id)
->pluck('note', 'ip_address');
$filename = 'Segment_' . preg_replace('/[^a-zA-Z0-9_-]/', '_', $segment->name)
. '_' . now()->format('Ymd_Hi') . '.xlsx';
$tempFile = tempnam(sys_get_temp_dir(), 'net_export_') . '.xlsx';
$writer = new \OpenSpout\Writer\XLSX\Writer();
$writer->openToFile($tempFile);
$writer->addRow(\OpenSpout\Common\Entity\Row::fromValues([
'IP-Adresse', 'Status', 'Hostname', 'MAC-Adresse', 'Hersteller', 'Ping (ms)', 'Bemerkung',
]));
foreach ($hosts as $host) {
$writer->addRow(\OpenSpout\Common\Entity\Row::fromValues([
$host->ip_address,
$host->status,
$host->hostname ?? '',
$host->mac_address ?? '',
$host->mac_vendor ?? '',
$host->ping_ms !== null ? (string) $host->ping_ms : '',
$notes[$host->ip_address] ?? '',
]));
}
$writer->close();
return response()->download($tempFile, $filename, [
'Content-Type' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
])->deleteFileAfterSend(true);
}
// --- Export: PDF (Browser-Print-View kein PHP-PDF-Package nötig) ---
public function exportPdf(NetworkSegment $segment)
{
$hosts = $this->getLatestScanHosts($segment);
$notes = NetworkIpNote::where('segment_id', $segment->id)
->pluck('note', 'ip_address');
return view('network.segments.export-pdf', compact('segment', 'hosts', 'notes'));
}
private function getLatestScanHosts(NetworkSegment $segment)
{
$latestScan = $segment->scans()->latest()->first();
if (!$latestScan) {
return collect();
}
return $latestScan->hosts()->orderByRaw('INET_ATON(ip_address)')->get();
}
}
+22
View File
@@ -0,0 +1,22 @@
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
class NetworkIpNote extends Model
{
protected $fillable = [
'segment_id',
'ip_address',
'note',
'created_by',
'updated_by',
];
public function segment(): BelongsTo
{
return $this->belongsTo(NetworkSegment::class);
}
}
+33 -3
View File
@@ -10,14 +10,44 @@ use Illuminate\Database\Eloquent\Relations\HasManyThrough;
class NetworkSegment extends Model
{
protected $fillable = [
'name', 'subnet', 'vlan_id', 'active', 'description', 'created_by',
'name', 'subnet', 'vlan_id', 'active', 'description',
'scan_interval_minutes', 'last_scanned_at', 'nmap_options', 'created_by',
];
protected $casts = [
'active' => 'boolean',
'vlan_id' => 'integer',
'active' => 'boolean',
'vlan_id' => 'integer',
'scan_interval_minutes' => 'integer',
'last_scanned_at' => 'datetime',
];
/** Ist ein automatischer Scan fällig? */
public function isScanDue(): bool
{
if (!$this->active || !$this->scan_interval_minutes) {
return false;
}
if (!$this->last_scanned_at) {
return true;
}
return $this->last_scanned_at->addMinutes($this->scan_interval_minutes)->isPast();
}
/** Lesbare Intervall-Beschreibung */
public function getScanIntervalLabelAttribute(): string
{
return match($this->scan_interval_minutes) {
5 => 'alle 5 Minuten',
15 => 'alle 15 Minuten',
30 => 'alle 30 Minuten',
60 => 'stündlich',
360 => 'alle 6 Stunden',
720 => 'alle 12 Stunden',
1440 => 'täglich',
default => 'manuell',
};
}
public function createdBy(): BelongsTo
{
return $this->belongsTo(User::class, 'created_by');